clock menu more-arrow no yes mobile

Filed under:

Valve briefly suspends Steam service after security error exposes user information (update)

Maybe stay off Steam for a while

Valve temporarily suspended Steam service today, including shutting down its online store, after a widespread error with the popular distribution platform exposed user information to other members.

Earlier today, Steam users were reportedly able to access information belonging to other users, including their purchase histories, PayPal information, Steam Wallet balances and certain contact information. Some Steam users logged in to find their Steam client displaying information in another language or another Steam member's username.

In reaction to the potential breach, Valve shut down some Steam services this afternoon, but it appears that those services, including the store, are back online.

Valve hasn't officially commented on the issue — the official Steam Twitter account most recently posted about the ongoing Steam Holiday Sale — but we've reached out to the company for comment.

Steam Database, a Steam tracking service which is not affiliated with Valve, theorizes that the disturbance with Steam on Christmas Day was "not a hack or a DDoS attack," but was instead related to a caching error. According to SteamDB, the error was a "read-only" issue, meaning that users were able to see other users' information, but that "no one is able to perform any actions involving your account on your behalf."

Update: Valve has provided us with a statement regarding today's events. "Steam is back up and running without any known issues," said Doug Lombardi, Valve's director of marketing. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour.

"This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."